CVE-2008-0604

Sažetak

The LDAP authentication feature in XLight FTP Server before 2.83, when used with some unspecified LDAP servers, does not check for blank passwords, which allows remote attackers to bypass intended access restrictions.

Reference

http://secunia.com/advisories/28755
http://www.securityfocus.com/bid/27602
http://www.xlightftpd.com/whatsnew.htm

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

05-09-2008 - 21:35

Objavljeno

06-02-2008 - 12:00